SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (E-mail Server)  >  Mailman Vendors:  GNU [multiple authors]
(Apple Issues Fix for OS X) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users
SecurityTracker Alert ID:  1013501
SecurityTracker URL:  http://securitytracker.com/id?1013501
CVE Reference:  CAN-2005-0202   (Links to External Site)
Date:  Mar 22 2005
Impact:  Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Apple Security Advisory
Version(s): 2.1 - 2.1.5
Description:  An input validation vulnerability was reported in Mailman in 'private.py'. A remote user can access arbitrary files on the target system.

The true_path() function does not properly validate user-supplied input. A remote user that is a member of a private mailman list can submit a specially crafted input value to access files on the system, including the mailman configuration files and passwords.

A demonsration exploit may contain the following string:

"/...../"

Marcus Meissner reported this flaw.
Impact:  A remote user can access arbitrary files on the target system, including the mailman configuration files with user e-mail addresses and passwords.
Solution:  Apple has issued a fix as part of Apple Security Update 2005-003, described at:

http://docs.info.apple.com/article.html?artnum=301061
Vendor URL:  mailman.sf.net/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  UNIX (OS X)
Underlying OS Comments:  10.3.8

Message History:   This archive entry is a follow-up to the message listed below.
Feb 10 2005 Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users


 Source Message Contents
Date:  Mon, 21 Mar 2005 22:40:15 -0500
Subject:  http://docs.info.apple.com/article.html?artnum=301061

 
 
 
Security Update 2005-003
 
    * Mailman
      Available for: Mac OS X Server v10.3.8
      CVE-ID: CAN-2005-0202
      Impact: Directory traversal issue in Mailman that could allow access to arbitrary
files.
      Description: Mailman is a software package that provides mailing list management.
This update addresses an exposure in Mailman's private archive handling that allowed 
remote access to arbitrary files on the system. Further information is available from 
http://www.gnu.org/software/mailman/security.html.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC